Automatic Proposal Cancellation Not Implemented When Proposer Loses Required Voting Power
Summary
The governance contract does not automatically cancel a proposal when the proposer loses the required voting power (proposalThreshold). While the contract includes functionality for proposers to manually cancel a proposal, it does not handle automatic cancellation when the proposer’s voting power drops below the threshold during the proposal's lifecycle.
Vulnerability Details
The contract relies on the proposer’s voting power to ensure the validity of a proposal. However, there is no mechanism that automatically checks or cancels the proposal if the proposer’s voting power falls below the
proposalThresholdduring the proposal lifecycle.The absence of this feature means that proposals could remain open for voting and even execution, even if the proposer no longer meets the necessary requirements.
The
cancelfunction is available to the proposer to cancel a proposal manually, but this is not an automatic process. If the proposer loses voting power, the proposal continues to exist and may be executed, which violates the intended governance mechanics.
Impact
Governance Stability: Proposals could remain active and potentially be executed even if the proposer no longer holds sufficient voting power to back them. This undermines the reliability and integrity of the governance system.
Integrity of Voting Process: The proposal lifecycle should automatically account for changes in the proposer’s voting power. Without automatic checks, proposals initiated by eligible proposers could still go through the voting process and be executed, despite no longer meeting the governance criteria.
Abuse Potential: Malicious actors could exploit this issue by submitting a proposal and later transferring tokens or reducing their voting power, allowing them to influence governance without meeting the required stake.
Tools Used
Manual code inspection and review
Recommendations
-
Implement Automatic Proposal Cancellation:
Add a mechanism that automatically checks if the proposer’s voting power falls below the
proposalThresholdduring the proposal lifecycle. This check should be triggered in relevant functions likecastVote,execute, or any function that interacts with proposals. -
State Validation for Proposer’s Voting Power:
Modify the contract to validate the proposer’s voting power whenever querying the proposal’s state or before executing any actions related to the proposal. If the proposer’s voting power is insufficient, automatically mark the proposal as canceled.
Example of automatic cancellation logic:
function checkAndCancelProposal(uint256 proposalId) internal {ProposalCore storage proposal = _proposals[proposalId];uint256 proposerVotes = _veToken.getVotingPower(proposal.proposer);if (proposerVotes < proposalThreshold) {proposal.canceled = true;emit ProposalCanceled(proposalId, proposal.proposer, "Proposal canceled due to insufficient voting power");}}function castVote(uint256 proposalId, bool support) external override returns (uint256) {// Existing logic for voting// Automatically check if the proposal should be canceledcheckAndCancelProposal(proposalId);return weight;} -
Proposer Voting Power Check on Execution:
Before executing any proposal, check if the proposer still has sufficient voting power. If not, automatically cancel the proposal or prevent it from executing.
By implementing this automatic cancellation, the system will maintain governance integrity, ensuring that proposals are only considered valid when the proposer still meets the required voting power.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.